The healthcare industry is grappling with a surge in cyberattacks and data breaches, a pressing issue that underscores the urgency of robust compliance strategies. In the first half of this year alone, more than 31 million Americans were affected by the 10 largest healthcare data breaches, a number poised to rise as incidents such as the Change Healthcare ransomware attack take place.1 These breaches not only disrupt care, but also highlight vulnerabilities in healthcare’s digital infrastructure.
In this context, the Healthcare Compliance Outlook for 2025 report2 highlights evolving risks and offers guidance to protect patient care and organizational integrity.
“Healthcare compliance professionals face growing areas of risk, even as many report resource constraints that could limit their ability to meet challenges,” said John E. Kelly, Partner and chairman of Barnes & Thornburg’s Health and Healthcare Industry Department, in a statement.3 “These pressures underscore the need for organizations to adopt a robust compliance strategy to stay ahead of the curve.”
The report is based on a survey of 120 compliance, risk and legal leaders across various U.S. healthcare industries, including hospitals, physician practices and life sciences companies.2 Conducted in May 2024, the study collects perspectives from organizations of varying sizes, ranging from less than $1 million to more than $10 billion in annual revenue. Interviewees, including CEOs and compliance officers, shared their perspectives on pressing issues such as the integration of artificial intelligence (AI), cybersecurity and regulatory risks, providing an insight-based exploration of emerging healthcare compliance challenges and strategies.
Here are the main conclusions:
Resource constraints
Resource constraints pose a significant challenge for healthcare compliance teams, with 53% of respondents reporting limitations in budgets, staffing and technology. These constraints hinder the ability to effectively manage emerging risks, such as regulatory compliance and cybersecurity threats. Additionally, 56% expect these challenges to persist or worsen in the coming year. Financial resources are notably the most cited limitation, followed by qualified talent and technological tools. These gaps cause many organizations to struggle to maintain high-quality care and adequately address compliance priorities.
AI Integration
Nearly 75% of healthcare organizations are using or considering using AI for compliance-related tasks. Of these, 31% have already implemented generative AI, and 28% have integrated predictive AI. Common applications include data analysis (45%), administrative tasks (43%), and risk assessments (39%). Despite this progress, 58% of respondents report difficulty establishing governance frameworks to guide the ethical use of AI. Additionally, more than 60% expect AI integration to increase their budgets by more than 10% in the coming year, highlighting both its potential and the challenges associated with it.
Cybersecurity issues
The report highlighted significant cybersecurity concerns, with 56% of respondents identifying external data breaches as a top risk, followed by ransomware attacks (52%) and Health Insurance Portability and Accountability Act security breaches (49%). Internal data privacy concerns and medical device vulnerabilities also rank high, cited by 48% and 31%, respectively.
Change Healthcare reported to HHS that the February health care breach affected 100 million people in the United States, making it the largest health data breach ever reported to U.S. regulators.4 While fewer than half of organizations conduct proactive audits, many remain vulnerable to growing threats in an increasingly digitalized healthcare environment.2
Limited risk audit
The report found gaps in risk auditing, with only 48% of healthcare organizations conducting audits in high-risk areas. Even fewer employees collaborate with external experts, regulators or industry partners, missing opportunities to improve their compliance strategies.1 This lack of proactive auditing leaves organizations vulnerable to risks such as data breaches, fraud and regulatory sanctions. While resource constraints already limit their ability to meet compliance priorities, the absence of robust audit frameworks exacerbates vulnerabilities in an increasingly complex landscape.
Influence of private equity
Private equity is also playing an increasingly important role in the healthcare sector, with 54% of organizations surveyed either already backed by private equity (22%), actively seeking it (14%), negotiating deals (14%) or considering it as a future possibility (4%). This trend reflects the growing need for private capital to finance operational improvements and innovations. However, private equity participation also brings increased regulatory scrutiny, including compliance with anti-kickback statutes and corporate practice of medicine laws. It is essential for organizations to balance the financial benefits of private equity with these regulatory requirements.
Looking ahead, emerging trends in healthcare compliance point to increasing pressures related to budgetary and staffing challenges, with many organizations expecting these issues to worsen. This has led to an increased reliance on technology tools, such as AI, to meet compliance requirements. Additionally, rapidly evolving federal and state regulations are reshaping compliance priorities, particularly in areas such as data privacy and patient safety. Despite these changes, the report highlights that many organizations are falling behind in their preparation, with gaps in audit readiness and monitoring frameworks, highlighting the need for more proactive compliance strategies.
“I think the biggest challenge is really a combination of several different things,” Kelly told The American Journal of Managed Care® (AJMC®). “The first is that there simply continue to be resource limitations and constraints on compliance programs. Compliance programs are not seen as a source of revenue, although they should be viewed differently, because they certainly save companies a lot of money. And I think when you add that to the fact that the risks in the healthcare industry continue to increase from a compliance perspective, and that those, these come together, you find yourself in a really difficult situation in terms of effectiveness of compliance programs.”
To address growing non-compliance risks, the report highlights policy recommendations in key areas. When it comes to AI governance, organizations should develop ethical guidelines, align with emerging regulations, and provide regular training to staff on the use of AI and data privacy. Additionally, improving risk management involves conducting proactive audits in high-risk areas and fostering collaboration with regulators and industry experts. Finally, to strengthen cybersecurity, healthcare providers are encouraged to adopt advanced threat detection tools and constantly update incident response and recovery plans to effectively mitigate the impact of potential breaches.
“From a government perspective, there is no secret about the importance of compliance programs,” Kelly told AJMC. “Everyone knows it’s extremely important, that you’re expected to have an effective program (and) to have a culture of compliance. When you fail to do that, you radically increase the risk that this represents.” any organization can support.
References
1. Southwick R. The 10 biggest healthcare data breaches in the first half of 2024. Chief Healthcare Executive®. July 2, 2024. Accessed November 19, 2024. https://www.chiefhealthcareexecutive.com/view/the-top-10-health-data-breaches-of-the-first-half-of-2024
2. Healthcare Compliance Outlook to 2025. Barnes & Thornburg LLP. October 23, 2024. Accessed November 19, 2024. https://insight.btlaw.com/43/1706/uploads/2025-healthcare-compliance-outlook-report.pdf
3. The U.S. healthcare and life sciences industries face increasing compliance pressures, as shown in Barnes & Thornburg’s 2025 Healthcare Compliance Outlook report. Barnes & Thornburg LLP. Press release. October 23, 2024. Accessed November 19, 2024. https://btlaw.com/en/insights/news/2024/us-healthcare-life-science-industries-face-rising-compliance-pressures
4. Starks T. Change Healthcare breach affected 100 million Americans, marking a new record. Cyberscoop. October 25, 2024. Accessed November 19, 2024. https://cyberscoop.com/change-healthcare-breach-affected-100-million-americans-marking-a-new-record/